package org.dizena.base.web.wrapper;


import org.apache.commons.text.StringEscapeUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;


public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
{
    public XssHttpServletRequestWrapper(HttpServletRequest request)
    {
        super(request);
    }

    public String getHeader(String name)
    {
        return StringEscapeUtils.escapeHtml4(super.getHeader(name));
    }

    public String getQueryString()
    {
        return StringEscapeUtils.escapeHtml4(super.getQueryString());
    }

    public String getParameter(String name)
    {
        return StringEscapeUtils.escapeHtml4(super.getParameter(name));
    }

    public String[] getParameterValues(String name)
    {
        String[] values = super.getParameterValues(name);
        if (values != null)
        {
            int length = values.length;
            String[] escapesValues = new String[length];
            for (int i = 0; i < length; i++)
            {
                escapesValues[i] = StringEscapeUtils.escapeHtml4(values[i]);
            }
            return escapesValues;
        }
        return super.getParameterValues(name);
    }

}